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Abstract. In this paper, we show that theory of processes can be re- 
duced to the theory of spatial logic. Firstly, we propose a spatial logic 
SL for higher order 7r-calculus, and give an inference system of SL. The 
soundness and incompleteness of SL are proved. Furthermore, we show 
that the structure congruence relation and one-step transition relation 
can be described as the logical relation of SL formulae. We also extend 
bisimulations for processes to that for SL formulae. Then we extend all 
definitions and results of SL to a weak semantics version of SL, called 
WL. At last, we add /i-operator to SL. This new logic is named fiSL. 
We show that WL is a sublogic of fiSL and replication operator can be 
expressed in /J.SL. 



1 Introduction 

Higher order 7r-calculus was proposed and studied intensively in Sangiorgi's dis- 
sertation [29 . In higher order 7r-calculus, processes and abstractions over pro- 
cesses of arbitrarily high order, can be communicated. Some interesting equiva- 
lences for higher order 7r-calculus, such as barbed equivalence, context bisimu- 
lation and normal bisimulation, were presented in Barbed equivalence can 
be regarded as a uniform definition of bisimulation for a variety of concurrent 
calculi. Context bisimulation is a very intuitive definition of bisimulation for 
higher order 7r-calculus, but it is heavy to handle, due to the appearance of uni- 
versal quantifications in its definition. In the definition of normal bisimulation, 
all universal quantifications disappeared, therefore normal bisimulation is a very 
economic characterization of bisimulation for higher order 7r-calculus. The coin- 
cidence between the three weak equivalences was proven [29128120] . Moreover, 
this proposition was generalized to strong case [10] . 

Spatial logic was presented in [T2]. Spatial logic extends classical logic with 
connectives to reason about the structure of the processes. The additional con- 
nectives belong to two families. Intensional operators allow one to inspect the 



structure of the process. A formula Ai\A2 is satisfied whenever we can split the 
process into two parts satisfying the corresponding sub-formula Ai, i = 1,2. In 
the presence of restriction in the underlying model, a process P satisfies formula 
n®A if we can write P as (vn)P' with P' satisfying A. Finally, formula is 
only satisfied by the inaction process. Connectives | and ® come with adjunct 
operators, called guarantee (>) and hiding (0) respectively, that allow one to 
extend the process being observed. In this sense, these can be called contextual 
operators. P satisfies Ai > A 2 whenever the spatial composition (using |) of P 
with any process satisfying A\ satisfies A 2 , and P satisfies A<Z>n if (vn)P satisfies 
A. Some spatial logics have an operator for fresh name quantification |llj . 

There are lots of works of spatial logics for 7r-calculus and Mobile Ambients. In 
some papers, spatial logic was studied on its relations with structural congruence, 
bisimulation, model checking and type system of process calculi f ol6l9H 6(2Tl . The 
main idea of this paper is that the theory of processes can be reduced to the 
theory of spatial logic. In this paper, we present a spatial logic for higher order 
7r-calculus, called SL, which comprises some action temporal operators such as 
(r) and (a{A)), some spatial operators such as prefix and composition, some 
adjunct operators of spatial operators such as > and 0, and some operators on 
the property of free names and bound names such as On and 0. We give an 
inference system of SL, and prove the soundness of the inference system for 
SL. Furthermore, we show that there is no finite complete inference system for 
SL. Then we study the relation between processes and SL formulas. We show 
that a SL formula can be viewed as a specification of processes, and conversely, 
a process can be viewed as a special kind of SL formulas. Therefore, SL is a 
generalization of processes, which extend process with specification statements. 
We show that the structure congruence relation and one-step transition relation 
can be described as the logical relation of SL formulas. We also show that 
bisimulations for higher order processes can be characterized by a sublogic of 
SL. Furthermore, we give a weak semantics version of SL, called WL, where 
the internal action is unobservable. The results of SL are extended to WL, such 
as an inference system for WL, the soundness of this inference system, and no 
finite complete inference system for WL. Finally, we add /x-operator to SL. The 
new logic named fiSL. We show that WL is a sublogic of [iSL and replication 
operator can be expressed in fiSL. Thus /iSL is a powerful logic which can 
express both strong semantics and weak semantics for higher order processes. 

This paper is organized as follows: In Section 2, we briefly review higher 
order 7r-calculus. In Section 3, we present a spatial logic SL, including its syntax, 
semantics and inference system. The soundness and incompleteness of inference 
system of SL are proved. Furthermore, we discuss that SL can be regarded as 
a specification language of processes and processes can be regarded as a kind of 
special formulas of SL. Bisimulation in higher order 7r-calculus is described by 
a sublogic of SL. In Section 4, we give a weak semantics version of SL, called 
WL. We generalize concepts and results of SL to WL. In Section 5, we add 
/x-operator to SL. The new logic named fiSL. The expressive power of /iSL is 
studied. The paper is concluded in Section 6. 



2 Higher Order 7r-Calculus 



2.1 Syntax and Labelled Transition System 

In this section we briefly recall the syntax and labelled transition system of the 
higher order 7r-calculus. Similar to |28j . we only focus on a second-order fragment 
of the higher order 7r-calculus, i.e., there is no abstraction in this fragment. 

We assume a set TV of names, ranged over by a, b, c, ... and a set Var of 
process variables, ranged over by X, Y, Z, U, .... We use E, F, P, Q, ... to stand for 
processes. Pr denotes the set of all processes. 

We first give the grammar for the higher order 7r-calculus processes as follows: 

P ::= | U | tt.P | Pi|F 2 | {ya)P 

7r is called a prefix and can have one of the following forms: 
7r ::= a(U) | a(P), here a(U) is a higher order input prefix and a(P) is a 
higher order output prefix. 

In each process of the form (yy)P the occurrence of y is bound within the 
scope of P. An occurrence of y in a process is said to be free iff it does not lie 
within the scope of a bound occurrence of y. The set of names occurring free in 
P is denoted fn(P). An occurrence of a name in a process is said to be bound 
if it is not free, we write the set of bound names as bn(P). n(P) denotes the 
set of names of P, i.e., n(P) = fn{P) U bn{P). The definition of substitution in 
process terms may involve renaming of bound names when necessary to avoid 
name capture. 

Higher order input prefix a(U).P binds all free occurrences of U in P. The 
set of variables occurring free in P is denoted fv(P). We write the set of bound 
variables as bv(P). A process is closed if it has no free variable; it is open if it 
may have free variables. Pr c is the set of all closed processes. 

Processes P and Q are a-convertible, P = a Q, if Q can be obtained from 
P by a finite number of changes of bound names and variables. For example, 
(vb)(a(b(U).U).0) = a {vc)(a{c{U).U).Q). 

Structural congruence: P\Q = Q\P; {P\Q)\R = P\{Q\R)\ P|0 = P; (va)0 = 
0; {vm){vn)P = (vn){vm)P; {va){P\Q) = P\{va)Q if a $ fn(P). 

In [35], Parrow has shown that in higher order 7r-calculus, the replication 
can be defined by other operators such as higher order prefix, parallel and re- 
striction. For example, IP can be simulated by Rp = {va)(D\a(P\D) .0), here 
D = a(X).(X\a(X).0). 

The operational semantics of higher order processes is given in Table 1. We 
have omitted the symmetric cases of the parallelism and communication rules. 

ALP : P = Q,P' = Q' 

OUT :a(E).P a -^l P 

IN : a(U).P ^ P{E/U} bn{E) = 
P^P' 

PAR : bn(a) n fn(Q) = 

P\Q^P'\Q 



(ubME) a{E) 

COM : — - ^ — H b n fn(Q) = 
P\Q {ub){P'\Q>) 

P^P' 

RES : a 4 n(a) 

{va)P iya)P' 

OPEN : (, b ^(E) a^b,be fn(E)-c 

Tablel 



2.2 Bisimulations in Higher Order 7r-Calculus 

Context bisimulation and contextual barbed bisimulation were presented in 
[29 25] to describe the behavioral equivalences for higher order 7r-calculus. Let 
us review the definition of these bisimulations. In the following, we abbreviate 
P{E/U} as P(E). 

Context bisimulation is an intuitive definition of bisimulation for higher order 
7r-calculus. 

Definition 1 A symmetric relation R C Pr c x Pr c is a strong context 
bisimulation if P R Q implies: 

(1) whenever P — > P', there exists Q' such that Q — > Q' and P' R Q'; 

(3) whenever P P', there exists Q' such that Q a ^~l Q' and P' R Q'; 

(4) whenever P ^ f !^ B ^ p' ; there exist Q' , F, csuch that Q "Z—^^ Q> anc [ 
for all C(U) with fn(C(U)) n {6,c} = 0, (vb)(P'\C(E)) R {vc){Q'\C(F)). Here 
C{U) represents a process containing a unique free variable U. 

We write P ~ct Q if P an d Q are strongly context bisimilar. 

Contextual barbed equivalence can be regarded as a uniform definition of 
bisimulation for a variety of process calculi. 

Definition 2 A symmetric relation R C Pr c x Pr c is a strong contextual 
barbed bisimulation if P R Q implies: 

(1) P\C R Q\C for any C; 

(2) whenever P P' then there exists Q' such that Q — > Q' and P' R 

Q'; 

(3) P 1,, implies Q | p , where P | a if 3P', P ^ P', and P ^ if 3P', 

p (vbya{E) p , 

We write P ~b„ Q if P and Q are strongly contextual barbed bisimilar. 

Intuitively, tau action represents the internal action of processes. If we just 
consider external actions, then we should adopt weak bisimulations to charac- 
terize the equivalence of processes. 

Definition 3 A symmetric relation R C Pr c x Pr c is a weak context bisim- 
ulation if P R Q implies: 

(1) whenever P =N> P', there exists Q' such that Q => Q' and P' P Q'\ 

(2) whenever P ^1- P', there exists Q' such that Q <5' and P' R Q'; 



(3) whenever P p' ; there exist Q' , F, c such that Q ^IM.^ q> anc j 

for all C(U) with fn{C{U)) n {6,2) = 0, (z/6)(P'|C(E)) P (z/£)(Q'|C(F)). Here 
C(U) represents a process containing a unique free variable £7. 

We write P ~ct Q if P and Q are weakly context bisimilar. 

Definition 4 A symmetric relation R C Pr c x Pr c is a weak contextual 
barbed bisimulation if P R Q implies: 

(1) P\C RQ\C for any C; 

(2) whenever P =^=> P' then there exists Q' such that Q =^=> Q' and P' R 

Q'\ 

(3) P ij-f, implies Q ^, where P ^ if 3P', P P' and P' | p . 

We write P ^ Q if P and Q are weakly contextual barbed bisimilar. 

3 Logics for Strong Semantics 

In this section, we present a logic to reason about higher order 7r-calculus called 
SL. This logic extends propositional logic with three kinds of connectives: action 
temporal operators, spatial operators, operators about names and variables. We 
give the syntax and semantics of SL. The inference system of SL is also given. 
We prove the soundness and incompleteness of this inference system. As far as 
we know, this is the first result on the completeness problem of the inference 
system of spatial logic. Furthermore, we show that structural congruence, one- 
step transition relation and bisimulation can all be characterized by this spatial 
logic. It is well known that structural congruence, one-step transition relation 
and bisimulation are the central concept in the theory of processes, and almost all 
the studies of process calculi are about these concepts. Therefore, our study gives 
an approach of reducing theory of processes to theory of spatial logic. Moreover, 
since processes can be regarded as a special kind of spatial logic formulas, spatial 
logic can be viewed as an extension of process calculus. Based on spatial logic, 
it is possible to propose a refinement calculus [33] of concurrent processes. 

3.1 Syntax and Semantics of Logic SL 

Now we introduce a logic called SL, which is a spatial logic for higher order 
7r-calculus. 

Definition 5 Syntax of logic SL 

A ::= T| J_| -iA | A 1 A A 2 \ (r)A | (a(A 1 ))A 2 \ (a[A 1 ])A 2 | (a(A 1 ))A 2 \ | 
X | a OX. A \A\aQX\ a{Ai).A 2 A \ a \ A\ \A 2 \ A 1 > A 2 a® A \ A0a \ 
(Nx)A | (NX)A | (Qa)A | (e)A \a^b 

In (Na;)A, (NX)4, the variables x (and X) are bound with scope the formula 
A. We assume defined on formulas the standard relation = a of a-conversion 
(safe renaming of bound variables), but we never implicitly take formulas "up 
to a-conversion" : our manipulation of variables via a-conversion steps is always 
quite explicit. The set fn(A) of free names in A, and the set fpv(A) of free 
propositional variables in A, are defined in the usual way. A formula is closed if 



it has no free variable such as X, it is open if it may have free variables. SL C 
is the set of all closed formulas. In the following, we use A{b/a} to denote the 
formula obtained by replacing all occurrence of a in A by b. Similarly, we use 
^4{F/X} to denote the formula obtained by replacing all occurrence of Y in A 
by X. It is easy to see that a process can also be regarded as a spatial logic. For 
example, process a(E).P is also a spatial logic. In this paper, we say that such 
a formula is in the form of process. 
Definition 6 Semantics of logic SL 
■]] Pr = Pr 

[±]] Pr = 

,A]] Pr = Pr- [[A]] Pr 

[A! A A 2 ]]p r = [[Al]]p r [[A 2 ]]pr 

[{r)A]\ Pr = {P | 3Q. P ^ Q and Q G [[A]} Pr } 

[(a(A 1 ))A 2 ]} Pr = {P | 3P 1 ,P 2 . P ^ P 2 , P 1 G [[A^ and P 2 G [[A 2 ]] Pr } 
[(a[A 1 ])A 2 ]} Pr = {P | VP, R G [L4i]]p r , 3Q. P Q and Q G p 2 ]] Pr } 
[(a(A 1 ))A 2 ]] Pr = {P | 3P,P 2 . P ( ^ Pl> P 2 , (i/&)P! e [[Aiftpr and P 2 G 

[IMPr} 

[0}}p r = {P\P = 0} 

[X}] Pr = {P\P = X} 

[a X.A]] Pr = {P | 3Q. P = a(X).Q and Q G [[A]} Pr } 
[A\aO X]] Pr = {P | a(X).P G {[A}] Pr } 

[a(Ai}.A 2 ]] Pr = {P | 3Pi,P 2 . P = a(Pi).P 2 , Pi G [[Ai]]p r and P 2 G 

P 2 ]]pr} 

[A\o]] Pr = {P|o(P).0Gp]]p r } 

[AM^ = {P | 3Qi,Q 2 . P = Qi\Q2, Qi G pi]]p r and Q 2 G [[A 2 ]] Pr } 
[Ai > A 2 ]] Pr = {P | VQ. Q G pi]] Pr implies P|Q G p 2 ]]pr} 
[a®A]] Pr = {P | 3Q. P = {va)Q and Q G p]] Pr } 
[A0a]] Pr = {P | (va)P £ [[A]] Pr } 

{(Nx)A}] Pr = U nifn((Nx)A) ([[A{n/x}}} Pr \{P | n G /n(P)}) 
[(NI)i]] Pr = U y ^ ((NX)A) ([[A{T//X}]]p r \{P | V G fpv(P)}) 
[(ea)A]} Pr = {P\ai fn(P) and P G [L4]] Pr } 
[(e)A]] Pr = {P | 3Q. P = Q and 6n(Q) = and Q G p]]p r } 
[a / &]]p r = Pr if a ^ & 
[a ^ b]] Pr = if a = b 
In SX, formula (a(A{))A 2 describes processes that can receive a process satis- 
fying Ax and then becomes a process satisfying A 2 . Formula (a[A{\)A 2 describes 
processes that if it receive any process satisfying A\ then it becomes a process 
satisfying A 2 . A \ a Q X is an adjunct operator of a X.A, and A \ a is an 
adjunct operator of a(A).0. (Qa) A represents processes that satisfying A and 
a is not its free name. (Q)A represents processes that satisfy A and have no 
bound names. Other operators in SL are well known in spatial logic or can be 
interpreted similarly as above operators. 
Definition 7 P \= SL A iff P G [[A]] Pr . 



Definition 8 For a set of formulas r and a formula A, we write r \=sl A, 
if A is valid in all processes in which r is satisfiable. 

Definition 9 If a A\, A n infer B" is an instance of an inference rule, and 
if the formulas A\,...,A n have appeared earlier in the proof, then we say that 
B follows from an application of an inference rule. A proof is said to be from 
r to A if the premise is r and the last formula is A in the proof. We say A is 
provable from r in SL, and write r \~sl A, if there is a proof from r to A in 
SL. 

For example, the following sets can be defined by operators in SL: 
{P | VPi. Pi e [[A^pr implies a{Pi).P e [[A 2 ]] Pr } = [[(b(Y) H^) Y > 
(r)A 2 ) \ b]]pr 

{P | VPi. Pi £ [[A^Pr implies a{P).Pi £ {{A 2 }} Pr } = [[(b(Y).a(Y).Ai > 

{t)A 2 ) \ b)] Pr 

{P \ae fn(P) and P e [[A]] Pr } = [H©a)T A A]] Pr 
{P | X e fv(P) and P e l{A]} Pr } = [h(e*)T A A]] Pr 

(Hx)A = (Nx)x®A, which is related to name restriction in an appropriate 
way; namely, that if process P satisfies formulas A{n/x} 7 then {vn)P satisfies 
(Hx)A. 

(a~HX)A = (Nl)a X.A, which is related to process variable restriction in 
an appropriate way; namely, that if process P satisfies formulas A{U/X}, then 
a(U).P satisfies (aHX)A. 

3.2 Inference System of SL 

Now we list a number of valid properties of spatial logic. The combination of 
the complete inference system of first order logic and the following axioms and 
rules form the inference system of SL. 



{a)±^± ±>A^± {A\B)\C++ A\{B\C) 

a X.± — > _L a®_L^_L A\0 «-)• A 

a(T)._L^_L l0a^l a®0^0 

a(_L).T^_L (0a)±^_L a®b®A o b®a®A 

I\a0l4l (Na;)_L^_L a®{{ea)A\B) O (Qa)A\a®B 

_L\a^_L (0)_L^_L a® A -> (Nb)b®A{b/a} 

A\±^± (NI)l^l a © X.A — >• (N7)a Y.A{Y/X} 

At>±->_L A\B <-> B\A (0a)OoO 

(Qa)X o X 

(ea)a(X).A -H- _L (0)0^0 

(ea)o(S).^ o- _L (e)x^x 

a^b^ ((ea)b(X).A o b(X).(Qa)A) (§)a OlinaQ X(©)A 

a ^ 6 -> ((0a)6(B).A <-> b((Qa)B).(ea)A) {Q)a{B).A o a((©)5).(©)^ 

(©a)A|(©a)B o (©a)(A|S) (©)A|(©)5 o (©)(A|B) 

a ^ & ->■ ((©a)(©6)A o (©6)(©a)A) (©)a®A _L 

(©a)T ->• (©a)a®^4 



(Nx)0 <-> (NX)O 

(Nx)X o X (NX)X -> y 

(Ncc)a A.A o a I.(Ni)(i ^ a A A) (NI)a y.A <-> a F.fNI)^ 

(Nx)a(B).A -> a((Ni)(i ^ a A B)).(Ni)(a: ^ a A A) (Nlja(B).i -> a((NX)B).(NX)A 

(Nx)(A|B) -> (Nx)A|(Na;)S (NX)(A|B) (NX)A|(NX)B 

(Nx)x ^ a A a®A -> a®(Na;)A (NX)a®A o a®(NI)i 



aQX.(A\aQX) -> A 
A -> (a X.A) \ a © X) 
a(A\a}.0 -> ^ 
A -> ((a(A).O) \ a) 
-> B 

^ (B>A|B) 
a®(^4 0a)^i 



A ->• (a® A a) 

-> B h (a)B 



a(C>.A,A - 
a(B).A,B - 
{a(B))A,C 
(a[B])A,C- 



* B ha0XB 
B h a(C).B 
C\-a(C).A 
■> B h (a(C))A 
> B h (a[C])A 



A\a, A— S>BhB\a 
i->Bh ^4|C -> B|C 
a®A, i^Bh a®B 
(ea)A, A -> B h (0a)B 
(0)A,A^Bh (0)B 



a(B).A -> (a(B))A 

(a f/.A A ((9)B O B)) -> (a[B])A{B/[/} 

«r>A)|B-y<r>(A|B) 

«a<C»A)|B <a<C»(A|B) 

(((96i, 9&„)B ^ B) A ((§)C <-> C)) -> 

(((5(6i®...6„®C»A)|B -> <3<6i®...6 n ®C»(A|B)) 
(((06i, 06„)B B) A ((e)C <-> C)) -> 

(((a(6i®...6„®C))A)|(a[C])B -»• (r)6i®...6„®(A|B)) 
(a ^ 6 A ((0a)B o B) A ((§)B o B)) -> (a®(&(B}},4 -> (6(B))a®A) 
(A"=iO ^ i); A a ^ c A ((0a)B o B) A ((©)B <-> B)) -> 

(a®(c(6 1 ®...6„®B)}yl -»• (c(6 1 ®...& n ®B))a®A) 
(a ^ 6 A A? =1 6 /c,A (B -> -i(96)T) A ((§)B o B)) -> 

(6®(a( Cl ®...c n ®B)}yl ->• (a(&®ci®...c„®B))A) 
(a[B])A ( a (B))A 

(a(B))A — > (a[B])A, where B is syntactically a valid process in the higher 
order pi — calculus. 

Intuitively, axiom a® A — > (Nb)b®A{b/a} means that if process P satisfies 
{va)A and b is a fresh name then P satisfies (vb)A{b/a\. Axiom a(B).A — > 
{a{B))A means that an output prefix process can perform an output action, 
which is a spatial logical version of Rule OUT in the labelled transition system of 
higher order 7r-calculus. Axiom (aQU.AA((G)B <h> B)) -)■ {a[B])A{B/U} means 
that an input prefix process can perform an input action, which is a spatial logical 
version of Rule IN in the labelled transition system of higher order 7r-calculus. 
Axiom (((e&i, -..,eb n )B B)A((0)C C)) -> (({a(b 1 ®...b n ®C))A)\{a[C])B 
— > (r)bi®...b n ®(A\B)) is a spatial logical version of Rule COM. Other axioms 
and rules are spatial logical version of structure congruence rules or labelled 
transition rules similarly. 



3.3 Soundness of SL 



Inference system of SL is said to be sound with respect to processes if every 
formula provable in SL is valid with respect to processes. 

Now, we can prove the soundness of inference system of SL: 

Proposition 1 r h SL A => r \=sl A 

Proof. See Appendix A. 

3.4 Incompleteness of SL 

The system SL is complete with respect to processes if every formula valid 
with respect to processes is provable in SL. For a logic, completeness is an 
important property. The soundness and completeness provide a tight connection 
between the syntactic notion of provability and the semantic notion of validity. 
Unfortunately, by the compactness property |18j , inference system of SL is not 
complete. 

The depth of higher order processes in Pr, is defined as below: 
Definition 10 d(0) = 0; d(U) = 0; d(a(U).P) = 1 + d(P); d(a(E).P) = 
l + d{E)+d(P); d(Px\P 2 ) = + d{P 2 ); d((va)P) = d{P). 

Lemma 1 For any P e Pr, there exists n, such that d(P) = n. 
Proof. Induction on the structure of P. 

Proposition 2 There is no finite inference system such that r \=sl A =>■ 

r ^sl a. 

Proof. See Appendix B. 

3.5 Spatial Logic as a Specification of Processes 

In the refinement calculus [23] , imperative programming languages are extended 
by specification statements, which specify parts of a program "yet to be devel- 
oped" . Then the development of a program begins with a specification state- 
ment, and ends with a executable program by refining a specification to its 
possible implementations. In this paper, we generalize this idea to the case 
of process calculi. Roughly speaking, we extend processes to spatial logic for- 
mulas which are regarded as the specification statements. Processes can be 
regarded as a special kind of spatial logic. One can view the intensional op- 
erators of spatial logic as the "executable program statements", for example, 
a(P).Q, P\Q and etc; and view the extensional operators of spatial logic as 
the "specification statements", for example, A > B, A\b and etc. For example, 
(bGY.a(Y).Ai > (t)A 2 ) \ b\(dG>Y.c(Bi).Y > (t)B 2 ) \ d represents a specification 
statement which describes a process consisting of a parallel of two processes sat- 
isfying statements (b Y.a(Y).Ai > (t)A 2 ) \ b and (d Y.c{B\).Y > (t)B 2 ) \ d 
respectively. Furthermore, (b Y.a(Y).Ai > (t)A 2 ) \ b represents a specification 
which describes a process P that a{P).Q satisfying A 2 for any Q satisfying A\. 
Similarly, (do Y.c(B\).Y > (t)B 2 ) \ d represents a specification statement which 
describes a process M such that c(N).M satisfying B 2 for any N satisfying B\. 
We can also define refinement relation on spatial logic formulas. Intuitively, if 



\=sl A —> B, then A refines B. For example, a®(a X .d.X\a(c.O) .e.O) refines 
a®((a[c.0])d.c.0\{a{c.0))e.0). Based on spatial logic, one may develop a theory 
of refinement for concurrent processes. This will be a future research direction 
for us. 

3.6 Processes as Special Formulas of Spatial Logic 

Any process can be regarded as a special formulas of spatial logic. For exam- 
ple, (Na)fl®(NX)(ffl X.d.X\a(c.O).e.O) is a spatial logic formula, which rep- 
resents the process which is structural congruent to (ua)(a(X).d.X\a(c.O) .e.O). 
Furthermore, in this section, we will show that structural congruence and la- 
belled transition relation can be reformulated as the logical relation of spatial 
logical formulas. 

Definition 11 The translating function T PS is defined inductively as follows: 
T PS (P) d = P for process P that has no operators of (va)-, or a(X).-; 
T PS {{va)P) d = f (Ha)T PS {P); 
T PS (a(X).P) d = f {aHX)T PS (P). 

Proposition 3 For any P, Q G Pr c , P = Q o P T ps (Q) and Q \= S l 
T PS (P) & T PS (P) h S L T PS (Q) and T PS (Q) h SL T PS (P). 
Proof. See Appendix C. 

Proposition 4 For any P, Q G Pr c , P -A Q O P Hsl {a)T PS (Q) <^ 
T PS (P) ^SL (a)T PS (Q). 
Proof. See Appendix D. 

Although Proposition 2 states that the inference system is not completeness, 
Propositions 3 and 4 show that this inference system is completeness with respect 
to structural congruence and labelled transition relation of processes. 

3.7 Behavioral Equivalence Relation of Spatial Logic 

In [5], we introduced a spatial logic called L, and proved that L gives a charac- 
terization of context bisimulation. 

Definition 12 [5] Syntax of logic L 

A ::= -iA | A 1 A A 2 | (a(T))T | (a(T))T | (t)A | A 1 > A 2 . 

It is easy to see that L is a sublogic of SL. 

In [S], we proved the equivalence between an d logical equivalence with 
respect to L. 

Proposition 5 [9] For any P, Q G Pr c , P ~ Ci . Q <^»for any formula A G £, 

Definition 13 A and B are behavioral equivalent with respect to L, written 
A ~ L B, iff for any formula C £ L, hsL A -)• C iff Hsl 5 C. 

By Proposition 5, it is easy to get the following corollary, which characterize 
~c* by SX property. 

Corollary 1 For any P, Q £ Pr c , P ~ ct Q <^ P ~ L Q. 

Relation ~£ is a binary relation on spatial logical formulas. The above results 
show that r~j ^ gives a logical characterization of bisimulation when formulas 



are in the form of processes. Moreover, relation ^ L also gives a possibility to 
generialize bisimulation on processes to that on spatial logical formulas. Since 
we have discussed that spatial logical formulas can be regarded as specifications 
of processes, we may get a concept of bisimulation on specifications of processes 
based on . 

4 Logics for Weak Semantics 

In this section, we present a logic for weak semantics, named WL. Roughly 
speaking, in this logic, action temporal operators (r), (a(A)), (a[A]) and (a(A)) 
in SL are replaced by the weak semantics version of operators ((e)), ((a{A))), 
((a[A\)) and ((a(A))). Almost all definitions and results of SL can be generalized 
to WL. 

4.1 Syntax and Semantics of Logic WL 

Now we introduce a logic called WL, which is a weak semantics version of spatial 
logic. 

Definition 14 Syntax of logic WL 

A ::= T| J_| ->A \A X AA 2 \ ((e)) A | ((a(A x )))A 2 | ((a[A 1 ]))A 2 | ((a(A 1 )))A 2 
| | X | aQX.A \A\aQX\ a{Ai).A 2 \A\a \ A X \A 2 A x > A 2 \ a® A \A0a 
| (Nx)A | (NX)A | (ea)A \ (Q)A \a^b 

Definition 15 Semantics of logic WL 

Semantics of formulas of WL can be the same as formulas of SL, except that 
semantics of operators ((e)), ((a(A))), ((a[A\)) and ((a(A))) should be defined 
as follows: 

H((e))A]] Pr = {P | 3Q. P Q and Q e [{A]] Pr } 

[[MAi)))M\pt = {P I 3Pi,P 2 - P ^ P 2 , Pi e [[A^Pr and P 2 e 

l[M]Pr} 

[[((a[A 1 ]))A 2 ]] Pr = {P | Vi?, R G [[A^, 3Q.P a ^Q and Q e [[A 2 ]} Pr } 

[[((a(A 1 )))A 2 ]] Pr = {P | 3P U P 2 . P {vb ^ l] P 2 , (i/6)P! e [[A^ and P 2 G 
U 2 ]] Pr } 

4.2 Inference System of WL 

The inference system of WL is similar to the inference system of SL except 
that any inference rule about action temporal operators (r), (a(A)), (a[A\) and 
(a(A)) in SL is replaced by one of the following inference rules. 
((a))± -> _L 

(( Q })A^PBh((a))B 

(( £ »AA^((apM(«P 

((a(B)))AC^Bh((a(C)))4 

((a[B)))A,C^B\-{(a[C\))A 



a(B).A -> {{a(B)))A 

(a U.A A ((0)B O B)) ((a[B]))^{B/C/} 

(«e»A)|B^((e))(A|B) 

(((a(C)))A)|B ^ ((a(C)))(A|B) 

(((96i, o B) A ((e)C o C)) -y 

((«a(6 1 ®...6„®C)))A)| J B -> ((a(6 1 ®...6 n ®C)))(A|B)) 
(((96i, G&„)S O B) A ((e)C O C)) -> 

((«a(6 1 ®...6„®C))) J 4)|((a[C]))B -> (( £ ))6 1 ®...6„®(A|B)) 
a®((e}}^ -> {{e}}a®A 

(a ^ 6 A (((6a)B A (©)B) o B)) -> (a®((b(B)))A -> ((6(B)))a®A) 
(A" =1 a ^biAa^cA ((0a)B o B) A ((©)B O B)) -> 

(a®«c<&i®...&„®B)»4 ((c(6 1 ®...& n ®B)))a®A) 
(o^iA A? =1 6 /qA (B -> ->(0&)T) A ((0)B <-> B)) -> 

(&®((a{ci®...c n ®B)))A ((o(6®ci®...Cn®S)))A) 
((a[B]))A^((a(B)))A 

((a(B)))A — > ((a[B]))A, where B is syntactically a valid process in the 
higher order pi — calculus. 

The above axioms and rules are weak semantics version of corresponding 
axioms and rules in SL. 

The soundness and incompleteness of inference system of WL can be given 
similarly as the case of SL: 

Proposition 6 T ^ WL A ^ T \=wl A 

Proposition 7 There is no finite inference system such that r ^wl A 

r h WL a. 

Similar to Proposition 4, we show that many-steps transition relation is prov- 
able in WL. 

Proposition 8 For any F,Qe Pr c , P Q & P ^ WL ((a))T PS (Q) & 
T PS (P) ^wl ((a))T PS (Q). 

Since structural congruence and labelled transition relation are central con- 
cepts in the theory of processes, and they can be characterized in WL, the above 
propositions give a possible approach to reduce the theory of processes to the 
theory of spatial logic in the case of weak semantics. 

5 Adding /x-Operator to SL 

In this section, we add /x-operator [3] to SL. We call this new logic as uSL. We 
will show that WL is a sublogic of uSL. 

5.1 Syntax and Semantics of fiSL 

The formula of /iSL is the same as the formula of SL except that the following 
/z-calculus formula is added: 

If A(X) G fiSL, then uX.A(X) G fiSL, here X occurs positively in A(X), 
i.e., all free occurrences of X fall under an even number of negations.. 



The model of /iSL is the same as SL. We write such set of processes in which 
A is true as [[A]]p r , where e: Var — > 2 Pr is an environment. We denote by e[X <— 
W] a new environment that is the same as e except that e[X <— W] (X) = W. The 
set [[A]]g is the set of processes that satisfy A. In the following, we abbreviate 
A(B) as A{B/X}, and abbreviate A n+1 (B) as A(A n (B)) where A°(B) is B. 

Semantics of /i-operator is given as following: 

[[HX.A(X)}]% = n{W C Pr | [[A(X)]]^ W] C W}. 

In ^-calculus [3], it is well known that [[/il.4(l)]]^ r = [[A 1 (_L)]]f 3r U[[A 2 (_L)]]|, r . 
U ... 

5.2 Inference System of fiSL 

Inference system of [iSL is the combination of the following two rules of fi- 
calculus [3J and the inference system of SL. 

A(pX.A(X)) -> nX.A(X). 

h A(B) — > B ==>h (LiX.^(X) -> B. 

The soundness and incompleteness of inference system of fiSL can be given 
as the case of SL. 

Proposition 9 r \-^ S L A => L H^sl A 

Proposition 10 There is no finite inference system such that r ^ p sl A 

r h pS L a. 

5.3 Expressivity of fiSL 

In this section, we will discuss the express power of /iSL. We will prove that WL 
is a sublogic of /iSL and give a function which can translates a WL formula into 
an equivalent /iSL formula. 

Now we can give a translating function from WL formula to /iSL formula: 
Definition 16 The translating function T is defined inductively as follows: 

T WM (A) d = A for proposition A of WL that is not in the form of ((e)) A, 
((a(A 1 )))A 2 , ((a[A 1 ]))A 2 or ((a(A 1 )))A 2 . 

T WM (((e)) A) d = f fiX.(T WM (A) V (t)X) 

T WM {((a(A 1 )))A 2 ) d M ^X.((a(T WM (A 1 )))(pY.(T WM (A 2 ) V (r)Y)) V (r)X) 

T w/M (((a[v4 1 ]))A 2 ) =' /iX.((a[T WM (j4i)]>(/iy.(T WM (A 2 ) V (r)Y) V (r)X) 

T w/M ({(a(A 1 )))A 2 ) ^ /iX.((a(T wrM (Ai)}}(juy.(T WM (A 2 ) V (r)F) V (t)X) 
The following proposition states the correctness of translating function T WM . 
Proposition 11 For any A G WL, T WM {A) E ^SL; for any P G Pr, 
P\=»SL T WM (A)^P^ WL A. 
Proof : See Appendix E. 

In /iSL, we can also define the replication operator: 
Definition 17 \A d = ^X.^(A\^X) 
Proposition 12 h^ S L A\\A ^\A 
Proof : See Appendix F. 



The above results show that WL is a sublogic of fiSL. Therefore fiSL can 
be used as a uniform logic framework to study both the strong semantics and 
the weak semantics of higher order 7r-calculus. 

6 Conclusions 

Spatial logic was proposed to describe structural and behavioral properties of 
processes. There are many papers on spatial logic and process calculi. Spatial 
logic is related to some topics on process calculi, such as model checking, struc- 
tural congruence, bisimulation and type system. In |16j . a spatial logic for ambi- 
ents calculus was studied, and a model checking algorithm was proposed. Some 
axioms of spatial logic were given, but the soundness and completeness of logic 
was not studied. Most spatial logics for concurrency are intensional [37], in the 
sense that they induce an equivalence that coincides with structural congruence, 
which is much finer than bisimilarity. In [32], Hirschkoff studied an extensional 
spatial logic. This logic only has spatial composition adjunct (>), revelation 
adjunct (0), a simple temporal modality (()), and an operator for fresh name 
quantification. For 7r-calculus, this extensional spatial logic was proven to induce 
the same separative power as strong early bisimilarity. In [S], context bisimula- 
tion of higher order 7r-calculus was characterized by an extensional spatial logic. 
In [5], a type system of processes based on spatial logic was given, where types 
are interpreted as formulas of spatial logic. 

In this paper, we want to show that the theory of processes can be reduced 
to the theory of spatial logics. We firstly defined a logic SL. which comprises 
some temporal operators and spatial operators. We gave the inference system 
of SL and showed the soundness and incompleteness of SL. Furthermore, we 
showed that structural congruence and transition relation of higher order ir- 
calculus can be reduced to the logical relation of SL formulas. We also showed 
that bisimulations in higher order 7r-calculus can be characterized by a sublogic 
of SL. Furthermore, we propose a weak semantics version of SL, called WL. At 
last, we add /i-operator to SL. The new logic named fJtSL. the expressive power 
of fiSL is studied. These results can be generalized to other process calculi. Since 
some important concepts of processes can be described in spatial logic, we think 
that this paper may give an approach of reducing the study of processes to the 
study of spatial logic. The further work for us is to develop a refinement calculus 
|23j for concurrent processes based on our spatial logic. 
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Appendix A. Proof of Proposition 1 

Proposition 1 P h SL A => P \= S l A 

Proof. It is enough by proving that every axiom and every inference rule of 
inference system is sound. We only discuss the following cases: 
Case (1): Axiom a®((Qa)A\B) o (Qa)A\a®B. 

Suppose P G [[a®((ea)A\B)]\, then P = {va){Pi\P 2 ), a £ /n(Pi), Pi G 
[[A]] and P 2 G [[£?]]. Therefore we have P = (i/a)(Pi|P 2 ) = P\\{va)P 2 , P G 
[[(Qa)A\a®B\\. Hence a®((Qa)A\B) «-> (Qa)A\a®B. The inverse case is simi- 
lar. 

Case (2): Axiom a ^ b ->■ ((Qa)b(B).A <-> b((Qa)B).(Oa)A). 

Suppose a ^ b and P G [[(Ga)b(B). A}}, then P = 6(Pi).P 2 , a <£ /n(Pi), 
a £ fn(P 2 ), Pi G [[B]] and P 2 G [[A]]. Therefore we have Pi G [[(Q_a)B]] and 
P 2 G l[(Qa)A}}, P G [[b((ea)B).(ea)A)}}. Hence a / 6 -> ((ea)6<B).^ -> 
b((Qa)B).(Qa)A). The inverse case is similar. 

Case (3): Axiom (A\A> B) -> P. 

Suppose P G P|A>P]], then P = Pi|P 2 , Pi G [[A]] and P 2 G [[A>B]}. 
Therefore, P = Pi|P 2 g [[A\A> B}]. Hence (A|A>P) -> P. 
Case (4): Axiom A -> (P > A|P). 

Suppose P G [[A]], then for any Q G [[P]], P|Q G P|P]]. Hence ^ -> 
(P>A|P). 

Case (5): Axiom (((9&i, 9&„)P <-> P) A ((9)C <-> C)) -> 
((<fl(b 1 ®...b n ®C))A)\B -> <3<6i®...6 n ®C»(A|B)). 

Suppose P G [[({o(6i®...6„®C))A)|B]], then P = Pi|P 2 , Pi (" 6l -i^) B <«> 
Pi', Pi G [[A]], P 2 G [[P]] and Q G [[C]]. Since_(9&i, b n )B o P, {6 1 ,...,6„}n 

fn(P 2 ) = 0. Therefore we have Pi|P 2 ( " 6l "^ )a(Q> P[\P 2 . Hence (((9&i, eb n )B 



<-> B) A ((§)C C)) -»■ («a(&i®...&„®C»A)|P -»• (o(6i®...6 n ®C)) 
(A\B)). 

Case (6): Axiom (((G&i, Qb n )B o- P) A ((e)C <-> C)) -> 
(((a<&i®...&„®C»A)|(a[C])P -+ (r)6 1 @...6„®(A| J B)). 

Suppose P G [[({a(b 1 ®...b n ®C))A)\(a[C})B}}, then P = P 1 |P 2 , 
Pi ( " bl ^ )7r(Q) p 2 P ^ p/ e p./ e [[p]] and g e Since 

(e6i,...,6„)B <-> B, M n /n(P^) = 0. Therefore we have P^Pj 

{vb 1 ,...,b n ){P[\P! l ). Hence (((e&i, 06„)P o B) A ((Q)C o C)) -> 
(((a(b 1 ®...b n ®C))A)\(a[C])B -> (r)6 1 ®...6„®(A|P)). 

Case (7): Axiom (A" =1 a /J,A«^cA ((Qa)B o- P) A ((Q)B O P)) -> 
(a®(c(6i®...6 n ®P)}^ -> (c(6 1 ®...6 n @P}}a@A). 

Suppose P e [[a@(c(fe 1 @...6„®P))A]], then P = {ya)P u Pi {vbl '~^ MQ) 
P{, Q e [[£]], P{ £ [[A]}. Since A? =1 a ^d.Aa^cA ((9a)B <H> B) A ((5)B o 
P), a ^ n(Q). Therefore we have P = {va)P\ ' !> ^£) c (<2) (ya)P[. Hence 
(A" =1 a ^ 6;Aa ^ cA((9a)P «• B)A((e)B o P)) -> (a®(c(&i®...6 n ®B))A -> 
(c(6i®...&„®P))a@A). 

Case (8): Axiom (a ^ b A A? =1 6 ^ c, A ( P -> ->(e6)T) A ((§)£ <-> P)) -> 
(b®{a( Cl ®...c n ®B))A -> (a(&®ci®...c„®P))A). 

Suppose P e [[6®(a(ci®...c„®P))A]], then P = (i/6)Pi, Pi ^ Cl -^°< Q > 
P 1; Q € [[B]], P{ £ [[A]}. Since a + bAA n l=1 b ^ c,A( P -> -(e6)T)A((e)P O P), 
b e fn(Q). Therefore we have P = (vb)Pi ^ vc ^ Cn) ^ Q '> p/. Hence (a ^ 
6 A Af =1 6 ^ ci A (P -> -i(e&)T) A ((Q)P P)) -> (6® (a(ci®...c„®B)) A -> 
(a(6®ci®...c„®P)}yl). 

Appendix B. Proof of Proposition 2 

Proposition 2 There is no finite inference system such that P \=sl A => 
r ^sl A. 

Proof. Let <P = {a(0).T, a(0).a(b.0).T, a{0).a(b.0).a(b.b.0).T, a(0).a(b.O). 
a(b.b.0).a(b.b.b.0).T, ...}. It is easy to see that any finite subset of <P can be 
satisfied in Pr, but <P can not be satisfied in Pr. Suppose it is not true, let P 
satisfies <P. By Lemma 1, there exists n, such that d(P) = n. But for any n, there 
exists ip n in <P such that for any P satisfying ip n , d(P) > n. This contradicts the 
assumption. Therefore <P can not be satisfied in Pr. 

Suppose there is a finite inference system such that P \=sl A => P h$L A. 
Since <P can not be be satisfied in Pr, we have <S> \=sl -L. By the assumption, 
$ hgi T. Hence there is a proof from ^ to _L in SL. Since proof is a finite 
formula sequence, there is finite many formulas (p i in <P occur in the proof. 
Therefore we have A<Pi \~sl -L, where <Pi — {ip i \ (p i is in the proof}. Then by the 
soundness of inference system of SL, we have that <Pi is not satisfiable. Since <f>i 
is a finite subset of this contradicts the assumption. Therefore SL have no 
finite complete inference system. 



Appendix C. Proof of Proposition 3 



Proposition 3 For any P, Q e Pr c , P = Q <=> P ^sl T PS (Q) and Q \=sl 
T PS (P) T PS (P) h S L T PS (g) and T PS (g) h SL T PS (P). 

Proof. It is trivial by the definition that P e Q o P ^si T PS (Q) and 
Q Hsl T PS (P). By the 'soundness, T PS (P) h SL T PS (Q) => P hsz, T PS (Q). 
We only need to prove P = Q ^ T PS (P) h SL T PS (Q) and T PS (g) h SL 
T PS (P). 

We only discuss the following cases, other cases are similar or trivial: 
Case (1): (ym ){vn)P = (yn)(ym)P : Since m®n®T PS (P) O n®m®T PS (P), 
we have m®n®T p s (P) \~sl n®m®T PS {P). The inverse case is similar. 

Case (2): (va)(P\Q) = P\{va)Q if a £ /n(P) : Since a £ /n(P), (Qa)T PS (P) o 
T PS (P). Furthermore, since a®((ea)T P5 (P)|T P5 (g)) <-» (ea)T P5 (P)|a®T PS (g), 
we have a®(T PS (P)|T PS (g)) h SL T PS (P)|a®T P5 (g). The inverse case is sim- 
ilar. 

Appendix D. Proof of Proposition 4 

Proposition 4 For any P,Q £ Pr c , P Q <=> P ^sl (a)T PS (Q) <S4> 
T PS (P) h SL (a)T PS (Q). 

Proof. It is trivial by the definition that P ^ Q ^ P \=sl (a)T PS (Q). By 
the soundness, T P5 (P) h SL (a)T PS (g) => P Hsl (a)T P5 (g). We only need to 
prove P -^Q => P h SL (a)T PS (P). 

We apply the induction on the length of the inference tree of P g : 

Case (1): if the length is 0, then P -^4 g is in the form of a(E).K a -^l K or 

a(C/).X ^ K{E/U}. 

Subcase (a): a(E).K ^ if : Since a(E).T PS {K) -»• (a(E))T PS \K), we 
have a(E).T PS (K) h SL {a{E))T PS (K). 

Subcase (b): a(P).if ^ /f{P/C/} : Since (a(P).T PS (/f) A ((e)T P5 (P) o 
P PS (P))) -> (a[T PS (P)])T P5 (if){T PS (P)/P}, we have a{U).T PS (K) h SL 
(a[T PS {E)])T PS {K){T PS {E)/U}. 

Case (2): Assume the claim holds if length is n, now we discuss the case that 
length is n + 1. 

fi/Mo<£) , a(-E) 

M —4 M TV —4 iV'~ 

Subcase (a): 6 n fn(iV) = 0. 

M|7V (i/6)(M'|JV') 

JSince M ( ^ B> M', iV ^ N', andbnfn(N) = 0, we have T PS {M) -»• 
(a(6®T PS (P))}T PS (M'), T PS (7V) -4 (a[T PS (P)])T PS (jV') and (9&i, b n )T PS {E) 
<-> T PS {E). By the axiom: (((9&i, b n )T PS {N) <-> T PS {N)) A (e)T P5 (P)) -> 
(((a(& 1 ®...6„®T PS (P)))T PS (M))|(a[T PS (P)])T PS (7V) -4 (r)6 1 ®...& n ®(T PS (M) 
|T PS (^))),wehavePEET PS (M)|T PS (A^) h SL (r)6 1 ®...& n ®(T PS (M')|T PS (^'))- 

Subcase (b): — a ^ n(a). 

(i/a)M ^4 (i/a)M' 

Since M ^ M' and a g n(&(P», we have T P5 (M) -4 (b(T PS (E)))T PS (M') 
and ((Ga)T P5 (P)A(e)T PS (P)) O T PS (P). By the axiom (a ^ 6A((ea)T PS (P)A 



(G)T P5 (P)) T PS {E)) -> (a®(fo<T PS (P)))T PS (M) -> (6(T PS (P)»a®T P5 (M)), 
we have T PS (P) = a®T P5 (M) h S z, a®(6(T PS (P)))T PS (M) h SL 
(b(T PS (E)))a®T PS (M)). 

M V M' 
Subcase (c): a ^ 6, 6 e /n(£) - c. 

(i/6)M ^"if^ > M' 

Since M (uZ I% E) M' and a ^ b, b e fn(E) - c, we have T PS (M) -> 
(a(c"®T P5 (£;)}}T PS (M') and a ^ &AA? =1 6 ^ c,A (B -4 -.(06)T). By the axiom 
(a ^ 6AA? =1 6 ^ c,A (P -4 -.(9&)T)A((e)E ^ £)) -4 (&®<a(ci®...c„®T PS (P)}} 
T PS (M') -> (a(&® Cl ®...c„®T PS (P)))T P5 (M0), we have P PS (P) = fo®T PS (M) 
^sl (fc®(a(ci®...c n ®T PS (P)»P PS (AP) h 5i (a(&® Cl ®...c„®P PS (P)}>T PS (M'). 

Appendix E. Proof of Proposition 11 

Proposition 11 For any A G WX, T WM (,4) G /xSX; for any P G Pr, 

Proof : We only discuss the case A — ((a(A\)))A2, other cases are similar. 

Suppose P ^sl T WM (A). Since [\ptX.C(X)]] e Pr = U i [[C i (±)]] e Pr , if P 
6 [[nX.C{X)]] Pr , then P G [[C l (±)]]^ r for some i. Let B = (a(T WM (A 1 ))) 
(jiY.(T WM (A 2 ) V (r)F)), then P H^sl B V (r)P V (t){t)B... V (r) 4 B, here 
(t) 1+1 B denotes (t)((t) 4 P), (r)°P is P. Hence P ^ Q, Q e [[(a(T WM (A^)) 

(tiY.(T WM (A 2 ) V (r)Y)W Pr - Hence Q ^ Q', E G [P™^)]]^, and Q' G 
[^.(T^fAj) V (r)Y)]]f> r . By the similar discuss, we have that Q' ^ Q" 

and Q" G [P™(A 2 )]]f, r . Hence P ^§ Q", P G [P™^)]]^, and Q" G 
[[T™(A 2 )]]p r We have P ^w/ L A. The converse claim is similar. 

Appendix F. Proof of Proposition 12 

Proposition 12 h^sL A|L4 o-U 

Proof : Since by the inference system, Y-^sl S{fiX.S{X)) — > fiX.S(X), we 
have -n/xX.S^X) -> -<S(nX.S(X)). Let Spf) = n(A|nI), then -./iX.S(X) = 
-n/xX.-.(A|-.X) =U, -nS(/j,X.S(X)) = A\->fj,X.^(A\^X) = A\\A. Therefore we 
get h^zM -> 4|!A 

Since by the inference system, h^s^lA — > j4|!j4, we have h^sL — 1(^4|^4| !^4_) — > 
->{A\\A). Let T(X) = ->{A\->X), then T{->(A\IA)) = ->(A\A\IA). Since 
T(->(A\\A)) ->■ -n(A\\A), by the inference system, we have \-^ S l (J.X.T(X) -> 
-.(A|L4). Furthermore, fj,X.T(X) = fiX ,^{A\-^X) = -\A, hence h^sL ~^-A -> 
we have h M s L A|L4 -»!A 



